Hi,

I've been struggling with this is issue all day and looking for a lifeline if possible.

Currently, I have one ability 'view-all-clients'. If a user doesn't have this, they can only see clients that they own. The clients table ('leads') has a column 'assigned_to' which links to the user.

In my AppServiceProvider.php boot method, I have the below:

public function boot() { Bouncer::ownedVia(Lead::class, 'assigned_to'); }

Calls to @can('view-all-clients', $model) return false and $this->authorize('view-all-clients', $lead) throws a 403, when the users.id === leads.assigned_to.

Can anyone shed any light here? Regardless of the ability, the ownedVia should override?

My abilities table:
INSERT INTO abilities (id, name, title, entity_id, entity_type, only_owned, options, scope, created_at, updated_at) VALUES ('2', 'view-all-clients', 'View all clients leads', NULL, 'App\\Clients\\Lead', '0', NULL, NULL, '2022-07-11 16:01:27', '2022-07-11 16:01:27');

Thanks in advance.

Ensure that you have
Created an OwnedBy rule
Created an Ability for OwnedBy only
Crested an ability for everything ( no owned constraint)
Assigned users those abilities.

You have to first tell Bouncer that users may own leads:

Bouncer::allowEveryone()->toOwn(Lead::class);